PyPI - clear-your-tools - Versions diffs - 0.0.1__tar.gz - Mend

clear-your-tools 0.0.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

clear_your_tools-0.0.1/.ast-grep/rule-tests/.gitkeep ADDED Viewed

File without changes

clear_your_tools-0.0.1/.ast-grep/rule-tests/Test.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Test the rule
+<https://github.com/ast-grep/ast-grep.github.io/blob/main/website/guide/test-rule.md>

clear_your_tools-0.0.1/.ast-grep/rules/.gitkeep ADDED Viewed

File without changes

clear_your_tools-0.0.1/.ast-grep/rules/Lint.md ADDED Viewed

@@ -0,0 +1,12 @@
+# Lint Rule
+<https://github.com/ast-grep/ast-grep.github.io/blob/main/website/guide/project/lint-rule.md>
+## Rule Catalog
+<https://github.com/ast-grep/ast-grep.github.io/tree/main/website/catalog/python>
+<https://github.com/ast-grep/ast-grep.github.io/tree/main/website/catalog/yaml>
+<https://github.com/ast-grep/ast-grep.github.io/tree/main/website/catalog/typescript>
+<https://github.com/ast-grep/ast-grep.github.io/tree/main/website/catalog/html>
+<https://github.com/coderabbitai/ast-grep-essentials/tree/main/rules>

clear_your_tools-0.0.1/.ast-grep/rules/avoid-nested-links-tsx.yml ADDED Viewed

@@ -0,0 +1,8 @@
+id: no-nested-links
+language: tsx
+severity: error
+rule:
+  pattern: <a $$$>$$$A</a>
+  has:
+    pattern: <a $$$>$$$</a>
+    stopBy: end

clear_your_tools-0.0.1/.ast-grep/rules/find-import-file-without-extension-ts.yml ADDED Viewed

@@ -0,0 +1,17 @@
+id: find-import-file
+message: Local file imports should include file extensions (.ts, .js, etc). Exclude npm packages.
+language: js
+severity: info
+rule:
+  regex: "^\\./[^.]+[^/]$"
+  kind: string_fragment
+  any:
+    - inside:
+        stopBy: end
+        kind: import_statement
+    - inside:
+        stopBy: end
+        kind: call_expression
+        has:
+          field: function
+          regex: "^import$"

clear_your_tools-0.0.1/.ast-grep/rules/missing-component-decorator-ts.yml ADDED Viewed

@@ -0,0 +1,26 @@
+id: missing-component-decorator
+message: You're using an Angular lifecycle method, but missing an Angular @Component() decorator.
+language: TypeScript
+severity: warning
+rule:
+  pattern:
+    context: "class Hi { $METHOD() { $$$_} }"
+    selector: method_definition
+  inside:
+    pattern: "class $KLASS $$$_ { $$$_ }"
+    stopBy: end
+    not:
+      has:
+        pattern: "@Component($$$_)"
+constraints:
+  METHOD:
+    regex: ngOnInit|ngOnDestroy
+labels:
+  KLASS:
+    style: primary
+    message: "This class is missing the decorator."
+  METHOD:
+    style: secondary
+    message: "This is an Angular lifecycle method."
+metadata:
+  contributedBy: samwightt

clear_your_tools-0.0.1/.ast-grep/rules/no-await-in-promise-all-ts.yml ADDED Viewed

@@ -0,0 +1,9 @@
+id: no-await-in-promise-all
+language: typescript
+rule:
+  pattern: await $A
+  inside:
+    pattern: Promise.all($_)
+    stopBy:
+      not: { any: [{ kind: array }, { kind: arguments }] }
+fix: $A

clear_your_tools-0.0.1/.ast-grep/rules/no-console-except-catch-ts.yml ADDED Viewed

@@ -0,0 +1,9 @@
+id: no-console-except-error
+message: Avoid console.log or console.debug in production code. Use console.error for errors or logging.warn for warnings. (Test files in __tests__/ are allowed.)
+language: typescript
+severity: warning
+rule:
+  pattern: console.$METHOD($$$)
+constraints:
+  METHOD:
+    regex: "log|debug"

clear_your_tools-0.0.1/.ast-grep/rules/rewrite-mobx-component-tsx.yml ADDED Viewed

@@ -0,0 +1,7 @@
+id: rewrite-mobx-component
+language: typescript
+rule:
+  pattern: export const $COMP = observer($FUNC)
+fix: |-
+  const Base$COMP = $FUNC
+  export const $COMP = observer(Base$COMP)

clear_your_tools-0.0.1/.ast-grep/rules/security-detect-angular-sce-disabled-js.yml ADDED Viewed

@@ -0,0 +1,18 @@
+id: detect-angular-sce-disabled-javascript
+language: javascript
+severity: warning
+message: >-
+  $sceProvider is set to false. Disabling Strict Contextual escaping
+  (SCE) in an AngularJS application could provide additional attack surface
+  for XSS vulnerabilities.
+note: >-
+  [CWE-79] Improper Neutralization of Input During Web Page Generation.
+  [REFERENCES]
+      - https://docs.angularjs.org/api/ng/service/$sce
+      - https://owasp.org/www-chapter-london/assets/slides/OWASPLondon20170727_AngularJS.pdf
+ast-grep-essentials: true
+rule:
+  pattern: |
+    $sceProvider.enabled(false);

clear_your_tools-0.0.1/.ast-grep/rules/security-detect-angular-sce-disabled-ts.yml ADDED Viewed

@@ -0,0 +1,38 @@
+id: detect-angular-sce-disabled-typescript
+language: typescript
+severity: warning
+message: >-
+  $sceProvider is set to false. Disabling Strict Contextual escaping
+  (SCE) in an AngularJS application could provide additional attack surface
+  for XSS vulnerabilities.
+note: >-
+  [CWE-79] Improper Neutralization of Input During Web Page Generation.
+  [REFERENCES]
+      - https://docs.angularjs.org/api/ng/service/$sce
+      - https://owasp.org/www-chapter-london/assets/slides/OWASPLondon20170727_AngularJS.pdf
+ast-grep-essentials: true
+rule:
+  kind: expression_statement
+  regex: ^\$sceProvider
+  has:
+    kind: call_expression
+    stopBy: end
+    all:
+      - has:
+          kind: member_expression
+          nthChild: 1
+          all:
+            - has:
+                kind: identifier
+                regex: ^\$sceProvider$
+            - has:
+                kind: property_identifier
+                regex: ^enabled$
+          precedes:
+            kind: arguments
+            has:
+              kind: "false"
+              nthChild: 1
+            not:
+              has:
+                nthChild: 2

clear_your_tools-0.0.1/.ast-grep/rules/security-express-session-hardcoded-secret-js.yml ADDED Viewed

@@ -0,0 +1,106 @@
+id: express-session-hardcoded-secret-javascript
+language: javascript
+severity: warning
+message: >-
+  A hard-coded credential was detected. It is not recommended to store
+  credentials in source-code, as this risks secrets being leaked and used by
+  either an internal or external malicious adversary. It is recommended to
+  use environment variables to securely provide credentials or retrieve
+  credentials from a secure vault or HSM (Hardware Security Module).
+note: >-
+  [CWE-798] Use of Hard-coded Credentials.
+  [REFERENCES]
+      - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ast-grep-essentials: true
+utils:
+  MATCH_SECRET:
+    kind: pair
+    pattern: $C
+    inside:
+      stopBy: end
+      kind: lexical_declaration
+      all:
+        - has:
+            stopBy: end
+            kind: variable_declarator
+            has:
+              stopBy: end
+              kind: object
+              has:
+                stopBy: end
+                kind: pair
+                pattern: $C
+                all:
+                  - has:
+                      stopBy: end
+                      kind: property_identifier
+                      pattern: $S
+                  - has:
+                      stopBy: end
+                      kind: string
+                      has:
+                        stopBy: end
+                        kind: string_fragment
+        - follows:
+            stopBy: end
+            kind: import_statement
+            any:
+              - pattern: import session from 'express'
+              - pattern: import session from 'express-session'
+              - pattern: import {session} from 'express-session'
+              - pattern: import * as session from 'express-session'
+  MATCH_SECRET_with_Instance:
+    kind: pair
+    all:
+      - has:
+          stopBy: neighbor
+          kind: property_identifier
+          regex: ^secret$
+      - has:
+          stopBy: neighbor
+          kind: identifier
+          pattern: $SECRET
+      - inside:
+          stopBy: end
+          kind: expression_statement
+          follows:
+            stopBy: end
+            kind: lexical_declaration
+            has:
+              stopBy: end
+              kind: variable_declarator
+              all:
+                - has:
+                    stopBy: neighbor
+                    kind: identifier
+                    pattern: $SECRET
+                - has:
+                    stopBy: neighbor
+                    kind: string
+                    has:
+                      stopBy: neighbor
+                      kind: string_fragment
+      - inside:
+          stopBy: end
+          any:
+            - kind: lexical_declaration
+            - kind: expression_statement
+              follows:
+                stopBy: end
+                kind: import_statement
+                any:
+                  - pattern: import session from 'express'
+                  - pattern: import session from 'express-session'
+                  - pattern: import {session} from 'express-session'
+                  - pattern: import * as session from 'express-session'
+rule:
+  kind: pair
+  any:
+    - matches: MATCH_SECRET
+    - matches: MATCH_SECRET_with_Instance
+constraints:
+  S:
+    regex: "^secret$"

clear_your_tools-0.0.1/.ast-grep/rules/security-express-session-hardcoded-secret-ts.yml ADDED Viewed

@@ -0,0 +1,207 @@
+id: express-session-hardcoded-secret-typescript
+language: typescript
+severity: warning
+message: >-
+  A hard-coded credential was detected. It is not recommended to store
+  credentials in source-code, as this risks secrets being leaked and used by
+  either an internal or external malicious adversary. It is recommended to
+  use environment variables to securely provide credentials or retrieve
+  credentials from a secure vault or HSM (Hardware Security Module).
+note: >-
+  [CWE-798] Use of Hard-coded Credentials.
+  [REFERENCES]
+      - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ast-grep-essentials: true
+rule:
+  kind: pair
+  all:
+    - has:
+        kind: property_identifier
+        regex: ^secret$
+        nthChild: 1
+    - has:
+        kind: string
+        nthChild: 2
+  inside:
+    stopBy: end
+    kind: object
+    pattern: $OBJECT
+    any:
+      - inside:
+          stopBy: end
+          kind: call_expression
+          pattern: $APP.use($SESSION($OBJECT))
+          inside:
+            stopBy: end
+            follows:
+              stopBy: end
+              any:
+                - kind: import_statement
+                  all:
+                    - has:
+                        kind: import_clause
+                        any:
+                          - has:
+                              kind: namespace_import
+                              has:
+                                kind: identifier
+                                pattern: $SESSION
+                          - has:
+                              kind: named_imports
+                              has:
+                                kind: import_specifier
+                                pattern: $SESSION
+                          - has:
+                              kind: identifier
+                              pattern: $SESSION
+                    - has:
+                        kind: string
+                        nthChild: 2
+                        regex: ^'express-session'$
+                - any:
+                    - kind: lexical_declaration
+                      all:
+                        - has:
+                            kind: variable_declarator
+                            all:
+                              - has:
+                                  kind: identifier
+                                  pattern: $SESSION
+                                  nthChild: 1
+                              - has:
+                                  kind: call_expression
+                                  nthChild: 2
+                                  regex: ^require\('express-session'\)$
+                    - kind: expression_statement
+                      has:
+                        kind: assignment_expression
+                        all:
+                          - has:
+                              kind: identifier
+                              pattern: $SESSION
+                              nthChild: 1
+                          - has:
+                              kind: call_expression
+                              nthChild: 2
+                              regex: ^require\('express-session'\)$
+      - inside:
+          stopBy: end
+          any:
+            - kind: lexical_declaration
+            - any:
+                - kind: expression_statement
+                - kind: assignment_expression
+              not:
+                follows:
+                  kind: ERROR
+            - kind: variable_declaration
+          has:
+            stopBy: end
+            any:
+              - kind: variable_declarator
+              - kind: assignment_expression
+            has:
+              kind: identifier
+              pattern: $IDENTIFIER
+              any:
+                - precedes:
+                    stopBy: end
+                    kind: object
+                    pattern: $OBJECT
+                - precedes:
+                    stopBy: end
+                    has:
+                      stopBy: end
+                      kind: object
+                      pattern: $OBJECT
+                - inside:
+                    stopBy: end
+                    precedes:
+                      stopBy: end
+                      has:
+                        stopBy: end
+                        kind: object
+                        pattern: $OBJECT
+          precedes:
+            stopBy: end
+            has:
+              stopBy: end
+              kind: call_expression
+              pattern: $APP.use($SESSION($IDENTIFIER))
+              has:
+                stopBy: end
+                kind: identifier
+                pattern: $IDENTIFIER
+              inside:
+                stopBy: end
+                follows:
+                  stopBy: end
+                  any:
+                    - kind: import_statement
+                      all:
+                        - has:
+                            kind: import_clause
+                            any:
+                              - has:
+                                  kind: namespace_import
+                                  has:
+                                    kind: identifier
+                                    pattern: $SESSION
+                              - has:
+                                  kind: named_imports
+                                  has:
+                                    kind: import_specifier
+                                    pattern: $SESSION
+                              - has:
+                                  kind: identifier
+                                  pattern: $SESSION
+                        - has:
+                            kind: string
+                            nthChild: 2
+                            regex: ^'express-session'$
+                    - any:
+                        - any:
+                            - kind: lexical_declaration
+                            - kind: variable_declaration
+                          all:
+                            - has:
+                                kind: variable_declarator
+                                all:
+                                  - has:
+                                      kind: identifier
+                                      pattern: $SESSION
+                                      nthChild: 1
+                                  - has:
+                                      kind: call_expression
+                                      nthChild: 2
+                                      all:
+                                        - has:
+                                            nthChild: 1
+                                            kind: identifier
+                                            regex: ^require$
+                                        - has:
+                                            nthChild: 2
+                                            kind: arguments
+                                            regex: ^\('express-session'\)$
+                        - kind: expression_statement
+                          has:
+                            kind: assignment_expression
+                            all:
+                              - has:
+                                  kind: identifier
+                                  pattern: $SESSION
+                                  nthChild: 1
+                              - has:
+                                  kind: call_expression
+                                  nthChild: 2
+                                  all:
+                                    - has:
+                                        nthChild: 1
+                                        kind: identifier
+                                        regex: ^require$
+                                    - has:
+                                        nthChild: 2
+                                        kind: arguments
+                                        regex: ^\('express-session'\)$

clear_your_tools-0.0.1/.ast-grep/rules/security-jwt-simple-noverify-js.yml ADDED Viewed

@@ -0,0 +1,45 @@
+id: jwt-simple-noverify-javascript
+language: JavaScript
+severity: warning
+message: >-
+  "Detected the decoding of a JWT token without a verify step. JWT tokens
+      must be verified before use, otherwise the token's integrity is unknown.
+      This means a malicious actor could forge a JWT token with any claims. Set
+      'verify' to `true` before using the token."
+note: >-
+  [CWE-287] Improper Authentication
+  [CWE-345] Insufficient Verification of Data Authenticity
+  [CWE-347] Improper Verification of Cryptographic Signature
+  [REFERENCES]
+      - https://www.npmjs.com/package/jwt-simple
+      - https://cwe.mitre.org/data/definitions/287
+      - https://cwe.mitre.org/data/definitions/345
+      - https://cwe.mitre.org/data/definitions/347
+ast-grep-essentials: true
+rule:
+  kind: call_expression
+  any:
+    - pattern: $JWT.decode($TOKEN, $SECRET, true $$$)
+    - pattern: $JWT.decode($TOKEN, $SECRET, "$$$" $$$)
+    - pattern: $JWT.decode($TOKEN, $SECRET, '$$$' $$$)
+    - pattern: $JWT.decode($TOKEN, $SECRET, `$$$` $$$)
+  inside:
+    stopBy: end
+    follows:
+      stopBy: end
+      any:
+        - kind: lexical_declaration
+          all:
+            - has:
+                stopBy: end
+                kind: identifier
+                pattern: $JWT
+            - has:
+                stopBy: end
+                kind: call_expression
+                pattern: require('jwt-simple')
+        - kind: expression_statement
+          has:
+            stopBy: end
+            kind: assignment_expression
+            pattern: $JWT = require('jwt-simple')

clear_your_tools-0.0.1/.ast-grep/rules/security-jwt-simple-noverify-ts.yml ADDED Viewed

@@ -0,0 +1,116 @@
+id: jwt-simple-noverify-typescript
+language: TypeScript
+severity: warning
+message: >-
+  "Detected the decoding of a JWT token without a verify step. JWT tokens
+      must be verified before use, otherwise the token's integrity is unknown.
+      This means a malicious actor could forge a JWT token with any claims. Set
+      'verify' to `true` before using the token."
+note: >-
+  [CWE-287] Improper Authentication
+  [CWE-345] Insufficient Verification of Data Authenticity
+  [CWE-347] Improper Verification of Cryptographic Signature
+  [REFERENCES]
+      - https://www.npmjs.com/package/jwt-simple
+      - https://cwe.mitre.org/data/definitions/287
+      - https://cwe.mitre.org/data/definitions/345
+      - https://cwe.mitre.org/data/definitions/347
+ast-grep-essentials: true
+rule:
+  pattern: $JWT.decode($TOKEN, $SECRET, $NOVERIFY $$$)
+  inside:
+    stopBy: end
+    follows:
+      stopBy: end
+      any:
+        - any:
+            - kind: lexical_declaration
+            - kind: variable_declaration
+          all:
+            - has:
+                kind: variable_declarator
+                all:
+                  - has:
+                      kind: identifier
+                      pattern: $JWT
+                      nthChild: 1
+                  - has:
+                      kind: call_expression
+                      nthChild: 2
+                      all:
+                        - has:
+                            nthChild: 1
+                            kind: identifier
+                            regex: ^require$
+                        - has:
+                            nthChild: 2
+                            kind: arguments
+                            has:
+                              stopBy: end
+                              kind: string
+                              nthChild: 1
+                              has:
+                                kind: string_fragment
+                                regex: ^jwt-simple$
+                            all:
+                              - not:
+                                  has:
+                                    nthChild: 2
+                              - not:
+                                  has:
+                                    stopBy: end
+                                    any:
+                                      - kind: object
+                                      - kind: array
+                                      - kind: pair
+        - kind: expression_statement
+          has:
+            kind: assignment_expression
+            all:
+              - has:
+                  kind: identifier
+                  pattern: $JWT
+                  nthChild: 1
+              - has:
+                  kind: call_expression
+                  nthChild: 2
+                  all:
+                    - has:
+                        nthChild: 1
+                        kind: identifier
+                        regex: ^require$
+                    - has:
+                        nthChild: 2
+                        kind: arguments
+                        has:
+                          stopBy: end
+                          kind: string
+                          has:
+                            kind: string_fragment
+                            regex: ^jwt-simple$
+constraints:
+  NOVERIFY:
+    all:
+      - any:
+          - any:
+              - regex: ^true$
+              - kind: string
+              - kind: template_string
+          - has:
+              stopBy: end
+              any:
+                - regex: ^true$
+                - kind: string
+                - kind: template_string
+              not:
+                any:
+                  - kind: property_identifier
+                  - kind: shorthand_property_identifier
+                  - any:
+                      - kind: string
+                      - kind: template_string
+                    nthChild: 1
+                inside:
+                  kind: pair